Considering the power it gives, the bug is remarkably simple, described by security experts as a “howler” and “embarrassing”.

Those with root access can do more than a normal user, such as read and write the files of other accounts on the same machine. A superuser could also delete crucial system files, rendering the computer useless – or install malware that typical security software would find hard to detect.

Typically, the bug cannot be exploited remotely, meaning for most users the threat only exists if a malicious person has physical access to the machine. That said, if remote access has been granted to the computer for some other reason, such as offering tech support, then the flaw could be executed using that connection.

The timing of the disclosure presents a major issue to Apple as it now must hurriedly put in place a fix before the vulnerability can be exploited by criminals.

“Haste and security don’t make good bedfellows,” said Prof Alan Woodward from the University of Surrey.

“They will need to be careful the patch doesn’t introduce some other problem as they’ve not had time to properly test it.”

While Apple works on its fix, it offered a workaround for users concerned about the bug.

“Setting a root password prevents unauthorized access to your Mac,” the company explained.